[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help needed for Openldap > Active directory slave/proxy setup.

To: Marco van Putten <marco.vanputten@tudelft.nl>
Subject: Re: Help needed for Openldap > Active directory slave/proxy setup.
From: Dan White <dwhite@olp.net>
Date: Fri, 14 Dec 2012 09:50:23 -0600
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <50CB38A3.5070700@tudelft.nl>
References: <50CB38A3.5070700@tudelft.nl>
User-agent: Mutt/1.5.21 (2010-09-15)

On 12/14/12 15:33 +0100, Marco van Putten wrote:

Hi all,
We want to setup a Openldap server which is a slave to our Activedirectory. The ldap server only has to do replication of thenecessary records to act as a address book for non Exchange users.
Further more the authentication has to be done against the users inthe Active directory.


You can use use slapo-pbind or slapd-ldap to forward simple binds to active
directory. If you're performing sasl binds, you could configure slapd to
use saslauthd to authenticate PLAIN sasl binds against active directory:

~$ cat /etc/saslauthd.conf

ldap_servers: ldap://192.0.2.5
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

or you could configure saslauthd to use its kerberos5 backend.

I found some guides/examples to set up the authentication part. Butnone of them seems to do want we want because it requires to have theuser in your Openldap server with a special "userPassword{SASL}user@domain.com" entry. But we want the openldap database toonly contain contact information and not username/passwordinformation.
Does anybody know how to set up such a thing and can give me somehints/guides/recipes on how to do this?


--
Dan White

References:
- Help needed for Openldap > Active directory slave/proxy setup.
  - From: Marco van Putten <marco.vanputten@tudelft.nl>

Prev by Date: Re: best practices for backing up ldap configuration
Next by Date: Re: best practices for backing up ldap configuration
Index(es):
- Chronological
- Thread